
Do You Speak 2010 Geek?

If Spanish is the new French, where does that leave Geek?

The IT security industry loves its acronyms; why is anyone's guess. Maybe it's a speed thing, perhaps it's the whole idea of writing code or overcoming language barriers, I've even heard "it's to do with saving bandwidth" – whatever! What I do know is that it's confusing for those on the outside to keep up when the IT crowd are in full flow. A typical discussion would be 'what's the difference between SED and FDE, and which is better?' If you found yourself rewording that question to 'what is SED?' then read on – I'm going to give you a sneak peek inside the mind of a geek.

Today every business uses technology in some form. However, this miracle of science has a split personality: one side is a silent evil slashing an enterprise's artery and haemorrhaging sensitive data, whilst the other is a white knight reversing the tide and stemming the flow of bad blood generated with each data breach.

WIIDWID?

So let's begin with why IT is doing what it's doing. First is the realisation that it's not alone in its penchant for acronyms; regulators have an affection for them too, resulting in common ground between the board room and the IT domain, with compliance a significant driver for both:

DPA – The Data Protection Act 1998 is a UK Act of Parliament and the main piece of legislation governing the control and protection of personal data.

PCI DSS – The Payment Card Industry Data Security Standard is a worldwide information security standard for any organisation that stores, processes or transmits cardholder data, created to reduce card fraud through increased controls around that data and its exposure to compromise.

HIPAA – The Health Insurance Portability and Accountability Act of 1996 is a set of US federal standards requiring healthcare organisations to implement (and keep up to date) security standards that protect patient data, and to standardise electronic data interchange.

SOX – The Sarbanes-Oxley Act of 2002 is a US federal law. The bill was enacted as a reaction to major corporate and accounting scandals. It covers issues such as auditor independence, corporate governance, internal control assessment and enhanced financial disclosure.

WATDIW?

Okay, that's the why, so the natural progression is: what are they doing it with?

FIPS 140-2 – a U.S. government computer security standard used to accredit cryptographic modules. It defines four levels of security, simply named Level 1 to Level 4; however, it does not specify what level of security any particular application requires, so certification should not be taken as a guarantee that the product is secure. It says that the cryptographic module inside the product was tested to the claimed level, and nothing about the software wrapped around it.

Common Criteria – a framework in which users can specify their security functional and assurance requirements, vendors then implement and/or make claims about the security attributes of their products, and testing laboratories evaluate the products to determine if they actually meet the claims. The result is expressed as an Evaluation Assurance Level (EAL1 to EAL7) against the vendor's own stated Security Target, so two "certified" products may have been evaluated against very different claims. As with FIPS, just because a product is Common Criteria certified does not necessarily mean it's completely secure.

The Cloud – describes a supply, consumption and delivery model for IT services over the Internet, in which computing resources are rented from a provider on demand rather than owned and run in-house. From a data protection point of view it means your data now sits on hardware you do not control.

Keylogging – tracking the keys pressed on the keyboard in a covert manner to steal passwords, banking details and the like. Originally a piece of malware, there are now hardware instances too – for example a small device plugged inline between keyboard and PC, or a keyboard that looks legitimate but has the logger built in – so this is a diversifying threat, and one that encrypting the disk does nothing to stop.

DLP – data loss prevention refers to systems that identify, monitor and protect data in use (e.g., endpoint actions), data in motion (e.g., network actions) and data at rest (e.g., data storage) through deep content inspection and contextual security analysis of transactions, within a centralised management framework.
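The "deep content inspection" part is where a DLP product earns its keep, and the classic case is spotting card numbers (the PCI DSS concern above) in data in motion. The following is an added example, not code from the original article or from Credant's products: it scans a few constructed log lines for 13- to 19-digit runs and keeps only those that pass the Luhn checksum, which is what separates a card number from an order reference of the same length. The regular expression, the sample lines and the masking format are all assumptions made for the example.

```python
import re
from typing import List, Tuple

# Constructed sample of data in motion: lines as they might appear in an
# outbound mail or web-proxy log. Card numbers are the public test numbers
# (Visa 4111..., Mastercard 5500...), not real accounts.
SAMPLE_LINES = [
    "order 1234 shipped to customer, ref 4111 1111 1111 1111",  # valid test Visa PAN
    "invoice total 1234567890123456 due friday",                 # 16 digits, fails Luhn
    "contact card: 5500-0000-0000-0004 exp 12/25",               # valid test Mastercard PAN
    "nothing sensitive here, ticket 98765",
]

# 13 to 19 digits, optionally separated by single spaces or hyphens, and not
# embedded in a longer digit run (lookbehind/lookahead stop partial matches).
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: double every second digit from the right, subtract 9
    from any result above 9, and the sum must be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return the normalised (separator-free) card numbers found in text."""
    pans = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            pans.append(digits)
    return pans


def mask(pan: str) -> str:
    """PCI-style masking: keep first six and last four digits, hide the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(lines) -> List[Tuple[int, str]]:
    """Scan lines and report (line number, masked PAN) for each hit.
    A real DLP agent would block or quarantine the transaction at this point."""
    findings = []
    for n, line in enumerate(lines, 1):
        for pan in find_pans(line):
            findings.append((n, mask(pan)))
    return findings


if __name__ == "__main__":
    for lineno, masked in scan(SAMPLE_LINES):
        print(f"line {lineno}: possible card number {masked}")
```

Note that line 2 is not reported even though it is a 16-digit number: without the Luhn filter a naïve regex would flag it and the product would drown its operators in false positives.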

Encryption – the conversion of data, using a key, into a form that cannot be understood by anyone who does not hold that key. Decryption is the process of converting it back to its original form. Note that encrypting data says nothing about who can get at the key; protecting the key (and the password or token that unlocks it) is where most of the engineering effort goes.

FDE – Full Disk Encryption, does what it says on the tin: disk encryption software encrypts every bit of data that goes on a disk or disk volume (excepting the Master Boot Record and the small pre-boot loader that asks for the passphrase, which most FDE solutions leave unencrypted). Because the key is only in memory while the OS is running, FDE protects a lost or stolen laptop that is powered off; it does nothing against malware running on a machine that is already unlocked.

SED – a Self Encrypting Drive is a hard drive built to the Trusted Computing Group's specifications (the Opal standard). The drive's own controller encrypts everything written to the platters with a media encryption key that never leaves the drive, so the data is always encrypted at rest. Locking the drive is a matter of dropping the unwrapped key from the controller's memory, which takes less than a second, and the whole disk can be completely and cryptographically erased in milliseconds by discarding that key rather than overwriting every sector. Vendors say SEDs are easily deployed, cost effective to manage and interoperable across PC platform types; it is an emerging technology, so watch this space to see if it delivers.
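Why a lock takes under a second and an erase takes milliseconds regardless of capacity comes down to the key hierarchy, which is easier to see in code than in prose. The following simulation is an added example, not Credant's code nor any drive vendor's firmware: a media encryption key (MEK) encrypts sectors, the user's password is stretched with PBKDF2 into a key-encrypting key (KEK) that wraps the MEK, and a crypto-erase simply replaces the MEK so the old ciphertext becomes unreadable. The HMAC-SHA256 keystream standing in for the drive's AES engine, the class and method names, and the iteration count are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # keystream block size (SHA-256 digest length)


def keystream_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 keystream in counter mode XORed with data.
    Stand-in for the drive's AES engine (assumption); encrypt and decrypt are
    the same operation. Unlike real AES-XTS it reuses keystream if the same LBA
    is rewritten under the same key, so it is for illustration only."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = hmac.new(key, nonce + (i // BLOCK).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def derive_kek(password: str, salt: bytes) -> bytes:
    """Turn the user's password into a 32-byte key-encrypting key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SelfEncryptingDrive:
    """Simulated SED: the MEK exists in the clear only in the drive's volatile
    memory while unlocked; on the platters only its wrapped form is stored."""

    def __init__(self, password: str):
        self.sectors = {}          # LBA -> ciphertext held on the platters
        self.unlocked_mek = None   # MEK in controller RAM while unlocked
        self._wrap(secrets.token_bytes(32), password)

    def _wrap(self, mek: bytes, password: str) -> None:
        self.salt = secrets.token_bytes(16)
        kek = derive_kek(password, self.salt)
        self.wrapped_mek = keystream_cipher(kek, b"mek-wrap", mek)
        # Check value lets unlock() detect a wrong password without revealing the MEK.
        self.mek_check = hmac.new(mek, b"mek-check", hashlib.sha256).digest()

    def unlock(self, password: str) -> bool:
        kek = derive_kek(password, self.salt)
        candidate = keystream_cipher(kek, b"mek-wrap", self.wrapped_mek)
        check = hmac.new(candidate, b"mek-check", hashlib.sha256).digest()
        if hmac.compare_digest(check, self.mek_check):
            self.unlocked_mek = candidate
            return True
        return False

    def lock(self) -> None:
        """'Lock-down in under a second': forget the unwrapped key, nothing else."""
        self.unlocked_mek = None

    def write(self, lba: int, data: bytes) -> None:
        if self.unlocked_mek is None:
            raise PermissionError("drive is locked")
        self.sectors[lba] = keystream_cipher(self.unlocked_mek, lba.to_bytes(8, "big"), data)

    def read(self, lba: int) -> bytes:
        if self.unlocked_mek is None:
            raise PermissionError("drive is locked")
        return keystream_cipher(self.unlocked_mek, lba.to_bytes(8, "big"), self.sectors[lba])

    def crypto_erase(self, password: str) -> None:
        """'Erased in milliseconds': generate a fresh MEK and wrap it. The old
        ciphertext stays on the platters but no key exists that can decrypt it."""
        self._wrap(secrets.token_bytes(32), password)
        self.lock()


if __name__ == "__main__":
    drive = SelfEncryptingDrive("correct horse")
    drive.unlock("correct horse")
    drive.write(7, b"customer list")
    print("before erase:", drive.read(7))
    drive.crypto_erase("correct horse")
    drive.unlock("correct horse")
    print("after erase: ", drive.read(7))   # unrelated bytes: the data is gone
```

The cost of `crypto_erase` is one key generation and one wrap, independent of how many sectors were written; a traditional overwrite scales with disk size. The flip side, which the text's "watch this space" hints at, is that the whole scheme is only as strong as the password the KEK is derived from and the firmware that enforces the lock.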

BitLocker Drive Encryption – a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It's designed to protect data by providing encryption for entire volumes, and it can keep the volume key in a TPM (see below) so the disk only unlocks when the boot sequence has not been tampered with.

U3 – U3 Smart Drives are regular USB flash drives with a twist. Programs can be installed on them that launch independently of the machine they're inserted into, and the data from those programs travels on the device, leaving nothing behind. Whilst beneficial in the fight against data leakage, it has a malicious persona: the drive presents part of itself as a CD-ROM so that Windows AutoRun launches the U3 software, and if it's preloaded with malware and plugged into a logged-on PC it can run that code automatically, leaving very little trace on the host.

Black List – a list or register of items that, for whatever reason, are denied a particular privilege, service, mobility, access or recognition. Everything not on the list is allowed, so the list is only as good as your knowledge of what is bad.

White List – similar to a black list but instead of denying, you stipulate which items are accepted and everything else is refused. It's easier to build up from a security perspective than eliminating backwards: a new threat is blocked by default rather than slipping through until someone adds it to the black list.
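The difference is easiest to see on a concrete filter. Below is an added example (not from the original article) of a file-upload check written both ways: a deny list of known-bad extensions and an allow list of the few types the application actually needs. The upload names are constructed, several of them being deliberate attempts to slip past the deny list, and both extension sets are hypothetical.

```python
# Hypothetical extension sets for an upload handler.
DENY_EXTENSIONS = {"exe", "bat", "cmd", "vbs", "js"}   # what we happen to know is bad
ALLOW_EXTENSIONS = {"pdf", "png", "jpg", "docx"}       # what the application needs


def deny_list_accepts(filename: str) -> bool:
    """Black-list check: reject only if the final extension is on the known-bad list."""
    ext = filename.rsplit(".", 1)[-1]
    return ext not in DENY_EXTENSIONS


def allow_list_accepts(filename: str) -> bool:
    """White-list check: accept only 'name.ext' with exactly one dot, a non-empty
    name and an approved extension, compared case-insensitively."""
    parts = filename.lower().split(".")
    return len(parts) == 2 and parts[0] != "" and parts[1] in ALLOW_EXTENSIONS


# Constructed upload attempts; the comments say which list each one defeats.
ATTEMPTS = [
    "report.pdf",      # legitimate: both accept
    "setup.exe",       # both reject
    "setup.EXE",       # case trick: Windows runs it, the deny list misses it
    "setup.scr",       # screensaver executable, simply not on the deny list
    "setup.exe.",      # trailing dot: rsplit sees "", Windows drops the dot on save
    "photo.jpg.vbs",   # double extension: both reject (final extension is vbs)
]


def compare(names):
    """Map each filename to (deny-list verdict, allow-list verdict)."""
    return {n: (deny_list_accepts(n), allow_list_accepts(n)) for n in names}


def deny_list_bypasses(names):
    """Files the deny list lets through that the allow list refuses."""
    return [n for n, (deny, allow) in compare(names).items() if deny and not allow]


if __name__ == "__main__":
    for name, (deny, allow) in compare(ATTEMPTS).items():
        print(f"{name:16} deny-list: {'accept' if deny else 'reject':6}  allow-list: {'accept' if allow else 'reject'}")
    print("slipped past the deny list:", deny_list_bypasses(ATTEMPTS))
```

Every bypass works by being something the deny list's author did not think of (a case variant, a rarer executable type, a trailing dot), which is exactly the "eliminating backwards" problem the entry describes; the allow list never had to know those tricks existed.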

SAM Database – the Security Accounts Manager database is the part of the Windows registry that holds local user accounts. It's locked for exclusive use while the OS is running. Passwords themselves are not stored in it; instead each account's password hash (LM and/or NTLM, both one-way functions) is kept, and since Windows 2000 those hashes are additionally encrypted with a system key (SYSKEY) held in the SYSTEM hive, tying the database to that copy of the OS. If the file is obtained by subterfuge (from a backup, or by booting another OS from a CD), the hashes can still be extracted given both hives, and weak passwords, or any LM hash, fall to offline cracking – one more reason the disk underneath needs encrypting.

TPM – Trusted Platform Module offers facilities for the secure generation of cryptographic keys and limitation of their use, in addition to a hardware random number generator. It includes capabilities such as remote attestation and sealed storage: a sealed key is released only when the platform's measured boot state matches the one it was sealed against, which is how BitLocker ties a disk to its machine.

Acronyms may be confusing, but they are not designed to make the user sound superior; they're just an industry idiosyncrasy, and we all have them. However, the threat against data is serious and we mustn't let language cause a misunderstanding that thwarts our efforts – after all, it's not a necessity, it's a requirement.

Sean Glynn – VP Marketing, Credant Technologies

Additional Information:

Credant Technologies is exhibiting at Infosecurity Europe 2010, the Number One industry event in Europe, held on April 27–29 in its new venue of Earls Court, London. The event provides an unrivalled free education programme, with exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information, please visit: www.infosec.co.uk

